Manage secrets for dev/staging (EC2 + SSM) and production (ECS + Secrets Manager).
```bash
uv sync
cp .env.example .env
# Edit .env with your AWS credentials and Slack webhook
```

Workflow: Updates Secrets Manager → Updates Task Definition → Sends Slack Alert → Manual deployment

```bash
# List all secrets
uv run prod list -s wallet-service

# Read a secret
uv run prod read -s wallet-service -k DATABASE_URL

# Update/Add secrets
uv run prod update -s wallet-service -p DATABASE_URL=new_value
uv run prod update -s wallet-service -p KEY1=val1 -p KEY2=val2

# Delete secrets (7-day recovery)
uv run prod delete -s wallet-service -k OLD_KEY

# Force delete (immediate, no recovery)
uv run prod delete -s wallet-service -k OLD_KEY --force
```

Workflow: Updates .env files on EC2 → Sends Slack Alert

```bash
# List all variables
uv run alerts list -s wallet-service -e development

# Read a variable
uv run alerts read -s wallet-service -e development -k DATABASE_URL

# Update/Add variables
uv run alerts update -s wallet-service -e development -p DATABASE_URL=new_value
uv run alerts update -s wallet-service -e development -p KEY1=val1 -p KEY2=val2

# Delete variables
uv run alerts delete -s wallet-service -e development -k OLD_KEY
```

Services:

- wallet-service - Payment/wallet service
- user-mgt-service - User management service

Environments:

- development - Dev environment
- staging - Staging environment

Production Services - Edit env_manager/prod.py:
```python
PROD_CONFIGS: Dict[Service, EcsProdConfig] = {
    Service.WALLET_SERVICE: EcsProdConfig(
        service_name='wallet-service-prod',
        cluster_name='prod-cluster-a',
        secret_base_path='prod/payment/',
        aws_region='us-west-2'
    ),
}
```

Dev/Staging Services - Edit env_manager/alerts.py:

```python
SERVICE_ENV_FILES = {
    Service.WALLET_SERVICE: [
        EnvFile(
            environment=Environment.DEVELOPMENT,
            file_path='/home/ubuntu/app/.env',
            aws_instance_id='i-02a10fc4eeb44394a',
            aws_region='us-west-2'
        ),
    ],
}
```

Environment Variables - Create .env file:

```
AWS_ACCESS_KEY_ID=your_key
AWS_SECRET_ACCESS_KEY=your_secret
SLACK_WEBHOOK_URL=your_slack_webhook
```

- Production updates create new ECS Task Definition revisions (manual deployment required)
- Dev/Staging updates modify .env files on EC2 instances via SSM
- Slack alerts mask secret values and show only key names
- Delete operations have a 7-day recovery window by default (use --force for immediate deletion)
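
One way to build a Slack alert that names the changed keys but never their values, as an added example (not code from this project). The function names `parse_pairs` and `build_alert`, the message layout and the sample values are assumptions made for illustration:

```python
import re

# Key names are restricted to identifier characters so that a value typed in
# the key position by mistake is rejected instead of being echoed to Slack.
KEY_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def parse_pairs(pairs):
    """Parse KEY=value arguments, splitting on the first '=' only.

    Values such as connection strings or base64 may contain '=' themselves.
    """
    parsed = {}
    for position, raw in enumerate(pairs, start=1):
        key, sep, value = raw.partition("=")
        if not sep or not KEY_RE.fullmatch(key):
            # Report the argument's position, never its text: a malformed
            # argument may still contain the secret.
            raise ValueError(f"argument {position} is not KEY=value")
        parsed[key] = value
    return parsed


def build_alert(service, environment, action, pairs):
    """Return a Slack incoming-webhook payload that lists key names only."""
    secrets = parse_pairs(pairs)
    # Only validated key names are interpolated; values never reach the text.
    keys = ", ".join(f"`{k}`" for k in sorted(secrets))
    text = f"[{environment}] {service}: {action} {len(secrets)} key(s): {keys}"
    return {"text": text}


if __name__ == "__main__":
    # Constructed sample input, mirroring the -p arguments shown above.
    sample = ["DATABASE_URL=postgres://u:p@db/x?sslmode=require", "KEY1=val1"]
    print(build_alert("wallet-service", "development", "updated", sample))
```

The same rule applies to error handling and logging around the alert: exceptions raised while parsing carry the argument position rather than the raw argument.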